ckaczor/sqltoolsservice
1
0
Fork 0
mirror of https://github.com/ckaczor/sqltoolsservice.git synced 2026-01-22 01:25:44 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
f9597bacd876082c288f034ecc9f99b47e76c774
sqltoolsservice/src/Microsoft.SqlTools.ServiceLayer/AzureBlob/SharedAccessSignatureCreator.cs
Nemanja Milovančević 881c335cdf Backup/Restore Managed Instance (#1428) 
* Enabled backup to and restore from URL

* Created RPC, but when process tries to load Microsoft.Azure.Storage.Blob.dll, it crashes

* Added create shared access token

* Code refactor

* Minor changes

* Changed RPC path

* Moved createSas RPC to the newly created BlobService, fixed PR comments

* Added sas expiration date parameter to the RPC

* Added copyright headers

* Removed ConnectionInstance property from BlobService

* Removed unhelpful comment

* Removed unused using statements

* Changed copy/paste comments

* Disposable objects fix

* Small formatting fix

* Changed backup to/restore from url supported device types

* Added backup to url integration test

* Created restore integration test. Test are now getting azure blob params from env variables instead of file.

* Culture invariant epiration date param, fixed comment, and typo

* Updated headers

* PR comments fix

* Changed supported device type logic

* string localization fix

* String formatting fix

* build failure fix

* Typo

* Updated supported restore device types
2022-04-20 14:01:13 -07:00

117 lines
5.2 KiB
C#
Raw Blame History

//
// Copyright (c) Microsoft. All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
//
using System;
using Microsoft.SqlServer.Management.Smo;
using Azure.Storage.Blobs;
using Azure.Storage;
using Azure.Storage.Sas;
using Microsoft.SqlTools.ServiceLayer.AzureBlob.Contracts;
using System.Globalization;
namespace Microsoft.SqlTools.ServiceLayer.AzureBlob
{
class SharedAccessSignatureCreator
{
private Server sqlServer;
public SharedAccessSignatureCreator(Server sqlServer)
{
this.sqlServer = sqlServer;
}
public string CreateSqlSASCredential(string accountName, string accountKey, string containerUri, string expirationDateString)
{
DateTimeOffset? expirationDate = null;
if (!String.IsNullOrEmpty(expirationDateString))
{
expirationDate = DateTimeOffset.Parse(expirationDateString, CultureInfo.InvariantCulture);
}
var containerClient = new BlobContainerClient(new Uri(containerUri), new StorageSharedKeyCredential(accountName, accountKey));
Uri secretStringUri = GetServiceSasUriForContainer(containerClient, null, expirationDate);
string secretString = secretStringUri.ToString().Split('?')[1];
string identity = "Shared Access Signature";
WriteSASCredentialToSqlServer(containerUri, identity, secretString);
return secretString;
}
/// <summary>
/// Create sql sas credential with the given credential name
/// </summary>
/// <param name="credentialName">Name of sas credential, here is the same of the full container url.</param>
/// <param name="identity">Identity for credential, here is fixed as "Shared Access Signature"</param>
/// <param name="secretString">Secret of credential, which is sharedAccessSignatureForContainer </param>
/// <returns> The newly created SAS credential</returns>
public Credential WriteSASCredentialToSqlServer(string credentialName, string identity, string secretString)
{
try
{
// Format of Sql SAS credential:
// CREATE CREDENTIAL [https://<StorageAccountName>.blob.core.windows.net/<ContainerName>] WITH IDENTITY = N'Shared Access Signature',
// SECRET = N'sv=2014-02-14&sr=c&sig=lxb2aXr%2Bi0Aeygg%2B0a4REZ%2BqsUxxxxxxsqUybg0tVzg%3D&st=2015-10-15T08%3A00%3A00Z&se=2015-11-15T08%3A00%3A00Z&sp=rwdl'
//
CredentialCollection credentials = sqlServer.Credentials;
Credential azureCredential = new Credential(sqlServer, credentialName);
// Container can have many SAS credentials coexisting, here we'll always drop existing one once customer choose to create new credential
// since sql customer has no way to know its existency and even harder to retrive its secret string.
if (credentials.Contains(credentialName))
{
Credential oldCredential = credentials[credentialName];
oldCredential.Drop();
}
azureCredential.Create(identity, secretString);
return azureCredential;
}
catch (Exception ex)
{
throw new FailedOperationException(SR.WriteSASCredentialToSqlServerFailed, ex);
}
}
/// <summary>
/// Create Shared Access Policy for container
/// Default Accesss permission is Write/List/Read/Delete
/// </summary>
/// <param name="container"></param>
/// <param name="policyName"></param>
/// <param name="selectedSaredAccessExpiryTime"></param>
public Uri GetServiceSasUriForContainer(BlobContainerClient containerClient,
string storedPolicyName = null,
DateTimeOffset? expiringDate = null)
{
// Check whether this BlobContainerClient object has been authorized with Shared Key.
if (containerClient.CanGenerateSasUri)
{
// Create a SAS token
BlobSasBuilder sasBuilder = new BlobSasBuilder()
{
BlobContainerName = containerClient.Name,
Resource = BlobSasResource.BLOB_CONTAINER
};
if (storedPolicyName == null)
{
sasBuilder.ExpiresOn = (DateTimeOffset)(expiringDate == null ? DateTimeOffset.UtcNow.AddYears(1) : expiringDate);
sasBuilder.SetPermissions(BlobContainerSasPermissions.Read | BlobContainerSasPermissions.List | BlobContainerSasPermissions.Write | BlobContainerSasPermissions.Delete);
}
else
{
sasBuilder.Identifier = storedPolicyName;
}
Uri sasUri = containerClient.GenerateSasUri(sasBuilder);
return sasUri;
}
else
{
throw new FailedOperationException(SR.CreateSasForBlobContainerFailed);
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink